Andrew Rubin: In every sense of the word, people talk about luck, timing, and fate being not everything, but an important part of the story.

Sramana Mitra: It’s a very big thing.

Andrew Rubin: It’s an incredibly important part of the story in my case. While I was at Cymtec, I was coming out to California for conferences and to visit colleagues. On one of those trips before I moved out here, I was introduced to PJ Kirner who is the co-founder and CTO of Illumio. We were introduced by a mutual colleague who thought that we might enjoy talking about security and talking about views of the world that he believed we shared in common. PJ and I got together and had lunch. That started a conversation that, in a lot of ways, lasted a year and a half and led to the formation of Illumio.

PJ, unlike myself, comes out of the engineering world. He is an engineer by background and an architect and CTO by trade. When you blended my customer-centric view of the world with his technology view of the world, we found out that we shared a lot of ideas and they blended together really well. We didn’t know it when we sat down for lunch that first day but it ended up leading to the concept of starting a company to build something that takes all these ideas we have and bring them to life.

Sramana Mitra: What was the concept of Illumio? When you were having these conversations, what is the nugget that struck you that needed addressing in the world of security?

Andrew Rubin: That actually brings me back to the first conversation that PJ and I had. Both of us have spent all of our careers in what’s traditionally known as the network infrastructure or security space. You deliver products like firewalls or, in my case, intrusion detection, and you try and secure an enterprise via their network. When we had lunch the first day, we asked ourselves two very simple questions. First of all, what happens in a world where people are using things like virtualization and, in particular, things like public cloud? How do you think about securing these assets when they’re operating so differently than they have in the past?

The second question was we focused on securing what’s called the perimeter of the data center for 20 years. There’s been a lot of high-profile breaches recently and it seems that security is no longer enough. What are companies doing to understand and secure what happens inside of their environment? Although it sounds simple to say this, if you think back to the time that I’m describing, it was a very interesting idea to ask, “What else does security require now that was never required in the past for the world of cloud where things are supposed to be very global and dynamic?” That was the start of the conversation.